Security Diva Meetup - May 2019

RSVP: http://meetu.ps/e/GKhtg/pY6CW/a - All attendees MUST RSVP. If you are bringing a guest, make sure they have RSVPed on our meetup page.

When: Thursday, May 30, 2019

Where: Mapbox - 50 Beale St Floor 9, San Francisco, CA 94105

  • 5:00 - 5:45 pm Gathering and Networking
  • 5:45 - 6:45 pm Presentations
  • 7:00 - 7:30 pm Networking and Wrap Up

Chloé Messdaghi

Security Researcher Advocate @Bugcrowd, board member for 4 nonprofits, co-founder of Women in Security (WoSEC) and heads the San Francisco Chapter, mentors, speaker on diversity and inclusion in InfoSec, safe harbor, and bug bounty, and Drop Labels founder.

Fixing the Internet's Auto-Immune Problem: Bilateral Safe Harbor for Good-Faith Hackers

Thousands of organizations have already adopted the idea of inviting good-faith hackers to hack into their systems via vulnerability disclosure, bug bounty and next-gen pen test programs. Even so, the risk of prosecution under anti-hacking laws still casts a cloud over the hackers who are trying to help, and many programs haven't removed this risk by including Safe Harbor language within their program policies. It's not intentional -- the simple truth is that the market has progressed so rapidly that most have implemented crowdsourced security programs without realizing this issue, nor do they know how to fix it. Bilateral Safe Harbor language enables program owners not only to provide a strong incentive for good-faith hackers in terms of explicit legal protection, but also to outline exactly what constitutes "good-faith" hacking for their organization, while leaving legal protections against malicious hackers intact.

This talk provides an overview of Safe Harbor in the context of good-faith hacking and introduces a current effort to create a standardized, open-source, easily readable legal boilerplate for disclosure program owners all around the world to use.

Julia Martynko

Founder at Global crypto events, former sales at Agari and SmartCloud Connect for Salesforce with a passion for security and helping others to stay safe in cyberspace. Having obtained a Master’s Degree in Finance, Julia worked in different business spheres such as finance, marketing, recruitment (L’Oreal, Raiffeisen bank, Neumann Partners) before landing in sales 4 years ago. In 2017 she moved to the US from Ukraine and discovered the world of cybersecurity at Agari email security company. During her work at Agari she worked with the best researchers in the space as well as attended numerous cybersecurity events and spoke with many companies about the most common cyber-attacks and how they can be prevented and stopped.

Implementation of DMARC as a way to protect the company’s brand and customers. True and false about DMARC implementation.

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor the protection of the domain from fraudulent email. Although almost everyone deals with DMARC on an everyday basis (while receiving and interacting with emails from the bank, PayPal, Amazon, etc.), only a few really understand what exactly DMARC does and what kind of attacks it CAN and CANNOT prevent. The talk will include a short history of DMARC, reasons for DMARC implementation, how much time and effort it takes to implement DMARC, and whether it is really worth it.
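To make the abstract's point concrete, here is an added example (not from the talk or the meetup page) of the receiver-side logic DMARC describes: read the published policy from the domain's DMARC TXT record, check whether the SPF- and DKIM-authenticated domains are "aligned" with the From: domain, and apply the domain owner's policy on failure. The DNS lookup is replaced by an in-memory table of constructed records, the organizational-domain derivation is simplified to the last two labels (real receivers consult the Public Suffix List), and the sample messages and domains are constructed for illustration. The last case also shows a limit the abstract alludes to: DMARC protects only the exact From: domain it is published for, so a lookalike domain that passes its own SPF/DKIM is not stopped by it.

```python
"""Minimal DMARC policy evaluation (RFC 7489 style), as an illustrative example."""

# Constructed stand-in for DNS TXT lookups of _dmarc.<domain>.
CONSTRUCTED_DNS = {
    "_dmarc.example.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com",
    "_dmarc.examp1e.com": "v=DMARC1; p=none",  # lookalike domain with its own (lax) record
}


def parse_dmarc_record(txt):
    """Parse 'tag=value; tag=value' into a dict, applying RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record (missing v=DMARC1)")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("DMARC record needs p=none|quarantine|reject")
    tags.setdefault("adkim", "r")  # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")   # relaxed SPF alignment by default
    tags.setdefault("pct", "100")
    return tags


def organizational_domain(domain):
    """Simplified: last two labels. Real receivers use the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_aligned(from_domain, auth_domain, mode):
    """Strict ('s') alignment requires an exact match; relaxed ('r') only the same org domain."""
    if not auth_domain:
        return False
    f, a = from_domain.lower(), auth_domain.lower()
    if mode == "s":
        return f == a
    return organizational_domain(f) == organizational_domain(a)


def lookup_dmarc(from_domain, dns=CONSTRUCTED_DNS):
    """Look up the From: domain's record, falling back to the organizational domain."""
    for candidate in (from_domain, organizational_domain(from_domain)):
        txt = dns.get("_dmarc." + candidate.lower())
        if txt:
            return parse_dmarc_record(txt)
    return None


def evaluate_dmarc(from_domain, spf_result, spf_domain, dkim_result, dkim_domain, dns=CONSTRUCTED_DNS):
    """Return a dict with the DMARC result and the disposition the receiver should apply.

    spf_domain is the envelope (MAIL FROM) domain SPF was evaluated on;
    dkim_domain is the d= value of a DKIM signature that verified.
    """
    record = lookup_dmarc(from_domain, dns)
    if record is None:
        return {"dmarc": "none", "disposition": "none", "spf_aligned": False, "dkim_aligned": False}
    spf_aligned = spf_result == "pass" and is_aligned(from_domain, spf_domain, record["aspf"])
    dkim_aligned = dkim_result == "pass" and is_aligned(from_domain, dkim_domain, record["adkim"])
    passed = spf_aligned or dkim_aligned
    return {
        "dmarc": "pass" if passed else "fail",
        # On failure the domain owner's published policy decides (pct/sp handling omitted here).
        "disposition": "none" if passed else record["p"],
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
    }


if __name__ == "__main__":
    # 1. Legitimate mail: SPF passes for a subdomain (relaxed aspf), DKIM signed by the exact domain.
    print(evaluate_dmarc("example.com", "pass", "mail.example.com", "pass", "example.com"))
    # 2. From: example.com but authenticated only as some unrelated sender: fails, p=reject applies.
    print(evaluate_dmarc("example.com", "pass", "bulk-sender.net", "pass", "bulk-sender.net"))
    # 3. Lookalike domain with its own valid DKIM: DMARC for example.com is never consulted.
    print(evaluate_dmarc("examp1e.com", "none", "", "pass", "examp1e.com"))
```

Case 2 is the situation DMARC exists to catch (a message claiming the protected domain in From: without aligned authentication); case 3 is the kind it cannot, since the receiver evaluates the record of the domain the message actually claims.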

Dr. Amit Elazari Bar On

Amit Elazari Bar On is a Director of Global Cybersecurity Policy at Intel Corporation and a Lecturer at UC Berkeley’s School of Information Master in Information and Cybersecurity. She holds a JSD from UC Berkeley School of Law and graduated summa cum laude from three prior degrees. Her research in information security law and policy has appeared in leading technology law journals, been presented at conferences such as RSA, Black Hat, USENIX Enigma, USENIX Security, BsidesLV, BsidesSF and DEF CON, and been featured at leading news sites such as The Wall Street Journal, The Washington Post and the New York Times. In 2018, she received a Center for Long Term Cybersecurity grant for her work on private ordering regulating information security, exploring safe harbors for security researchers. She practiced law in Israel.

Navigating the Cybersecurity Policy and Legal Landscape

The world is getting more connected and the regulatory landscapes of cybersecurity are evolving. This talk will give practitioners and security researchers a quick intro to the variety of legal and regulatory concepts that govern the cybersecurity landscape focusing on recent trends, IoT and computer crime law. Highlights will include vulnerability disclosure, anti-hacking laws, and IoT security.

  • One block from Embarcadero Station (BART and MUNI access)
  • Four blocks from SF Ferry Building (GGT ferry access)
  • 15 minute drive or bus ride from 4th and King Station (Caltrain access)
  • Car parking garage on premises (50 Beale)
  • Secure bike parking at Embarcadero Station

Additional Information:

  • Humans of all genders are welcome to this event
  • Mapbox Code of Conduct (https://mapbox.com/events/code-of-conduct)
  • Do you need any accommodations to make this event accessible to you? Please send an email and we will make sure to assist.
  • Wheelchair access: The 50 Beale building is 100% ADA compliant
      • ADA compliant entrance and elevators on 1st floor
      • ADA compliant restrooms for all genders on 9th floor
      • Elevators operate 24 hours per day
  • Restroom access:
      • Single-occupant gender neutral restroom on 9th floor
      • Gendered restrooms marked “Everyone Welcome” (to support transgender inclusion) on 9th floor
  • Additional accessibility:
      • Nursing Lounge available (request 24 hours in advance)
      • Prayer Room (request 24 hours in advance)
      • Pronoun Stickers at check-in desk (to support all genders)